Determining the OS of a device based on the TTL returned by the ping command.

LL#16868 created on Sep 18th, 2014, last modified on Sep 22nd, 2014

Issue

It is believed that a non-Endura device on the network has the same IP address as an Endura device. The OS of the other device can be determined from the output of the ping command.

Product Line

Pelco Video Management

Environment

Endura system - All versions

Cause

An unknown device on the network has the same IP address as an Endura device.

Resolution

Operating systems use different default TTL values, so the TTL shown in a ping reply indicates what kind of device answered. This can be useful when trying to determine if there is another device on the network with the same IP address.

A few of the defaults are:

Linux TTL=64

Windows TTL=128

Cisco TTL=255

Solaris TTL=255

The above screenshot shows the ping results from a few devices on a network. In the top right, we were pinging 192.168.5.10, which in this example was the IP address of the SM5000. As can be seen, the TTL is showing 255, which is not the expected 64 from a Linux device. From this we were able to determine that there was a non-Endura device on the network with the same IP address as the SM5000.
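
The same check can be scripted against saved ping output. The following Python is an added example, not Pelco code; the function names and the sample output are constructed for illustration. It assumes the default TTLs listed above and that each router hop between you and the device lowers the TTL by 1, so an observed value is rounded up to the nearest default.

```python
import re

# Default initial TTLs listed in the article, keyed by TTL value.
DEFAULT_TTLS = {64: ["Linux"], 128: ["Windows"], 255: ["Cisco", "Solaris"]}

# Matches "ttl=64" (Linux ping) and "TTL=128" (Windows ping).
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)


def reply_ttls(ping_output):
    """Return the TTL of every reply line in captured ping output."""
    return [int(m.group(1)) for m in TTL_RE.finditer(ping_output)]


def initial_ttl(observed):
    """Each router hop subtracts 1, so round up to the nearest known default."""
    for default in sorted(DEFAULT_TTLS):
        if observed <= default:
            return default
    return None


def check_address(ping_output, expected_os):
    """Compare the OS families implied by the replies against the expected one.

    Returns (status, families) where status is "no-reply", "match",
    "mismatch" (a different OS answered) or "mixed" (replies from more
    than one TTL family, i.e. two devices answering on the same address).
    """
    initials = {initial_ttl(t) for t in reply_ttls(ping_output)}
    initials.discard(None)
    if not initials:
        return "no-reply", []
    families = sorted(name for i in initials for name in DEFAULT_TTLS[i])
    if len(initials) > 1:
        return "mixed", families
    return ("match" if expected_os in families else "mismatch"), families


# Constructed sample output (not from the article's screenshot), Windows format.
SAMPLE = """Pinging 192.168.5.10 with 32 bytes of data:
Reply from 192.168.5.10: bytes=32 time<1ms TTL=255
Reply from 192.168.5.10: bytes=32 time<1ms TTL=255
"""

if __name__ == "__main__":
    print(check_address(SAMPLE, "Linux"))
```

A "mismatch" or "mixed" result is a hint rather than proof, because the default TTL can be changed on most operating systems; confirm by comparing the MAC address in the ARP table with the Endura device's label.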